feat: Implement initial TLS termination and dynamic port handling (with compilation errors)

Release version 0.1.11
Wait for the entire TLS header to become available, even if it takes
2026-02-20 21:50:59 +00:00 · 2025-05-01 22:04:59 +02:00 · 2025-05-01 22:01:54 +02:00 · 2025-01-09 21:13:07 +01:00 · 2025-01-09 20:56:51 +01:00 · 2025-01-09 20:56:51 +01:00
14 changed files with 1142 additions and 129 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ## [0.1.10] - 2025-01-09
 ### Fixed
 * The ClientHello TLS header is now read in full before it is parsed, solving
  an error where there was not enough data to fully read it. In those cases
  it was not possible to determine the upstream address and therefore the proxy
  would go the the default action instead.
 ### Changed
 * Updated some dependencies to prevent the build from breaking.
 ## [0.1.9] - 2024-06-22
 ### Deprecated
@@ -28,10 +41,10 @@ The ability to run `l4p` without arguments is now deprecated. Please use
 ## Previous versions
 [unreleased]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.9...HEAD
 [0.1.10]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.9...v0.1.10
 [0.1.9]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.8...v0.1.9
 Types of changes:
 * `Added` for new features.
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 [[package]]
 name = "addr2line"
@@ -26,6 +26,12 @@ dependencies = [
 "memchr",
 ]
 [[package]]
 name = "anyhow"
 version = "1.0.102"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
 [[package]]
 name = "async-trait"
 version = "0.1.77"
@@ -37,12 +43,40 @@ dependencies = [
 "syn 2.0.50",
 ]
 [[package]]
 name = "atomic-waker"
 version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 [[package]]
 name = "autocfg"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
 [[package]]
 name = "aws-lc-rs"
 version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9a7b350e3bb1767102698302bc37256cbd48422809984b98d292c40e2579aa9"
 dependencies = [
 "aws-lc-sys",
 "zeroize",
 ]
 [[package]]
 name = "aws-lc-sys"
 version = "0.37.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b092fe214090261288111db7a2b2c2118e5a7f30dc2569f1732c4069a6840549"
 dependencies = [
 "cc",
 "cmake",
 "dunce",
 "fs_extra",
 ]
 [[package]]
 name = "backtrace"
 version = "0.3.69"
@@ -96,9 +130,15 @@ checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223"
 [[package]]
 name = "cc"
-version = "1.0.86"
+version = "1.2.56"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f9fa1897e4325be0d68d48df6aa1a71ac2ed4d27723887e7754192705350730"
+checksum = "aebf35691d1bfb0ac386a69bac2fde4dd276fb618cf8bf4f5318fe285e821bb2"
 dependencies = [
 "find-msvc-tools",
 "jobserver",
 "libc",
 "shlex",
 ]
 [[package]]
 name = "cfg-if"
@@ -106,6 +146,15 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 [[package]]
 name = "cmake"
 version = "0.1.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75443c44cd6b379beb8c5b45d85d0773baf31cce901fe7bb252f4eff3008ef7d"
 dependencies = [
 "cc",
 ]
 [[package]]
 name = "console"
 version = "0.15.8"
@@ -128,21 +177,18 @@ dependencies = [
 "powerfmt",
 ]
 [[package]]
 name = "dunce"
 version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
 [[package]]
 name = "encode_unicode"
 version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
 [[package]]
 name = "enum_primitive"
 version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "be4551092f4d519593039259a9ed8daedf0da12e5109c5280338073eaeb81180"
 dependencies = [
 "num-traits 0.1.43",
 ]
 [[package]]
 name = "env_logger"
 version = "0.10.2"
@@ -187,6 +233,12 @@ version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a"
 [[package]]
 name = "find-msvc-tools"
 version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
 [[package]]
 name = "fnv"
 version = "1.0.7"
@@ -202,6 +254,12 @@ dependencies = [
 "percent-encoding",
 ]
 [[package]]
 name = "fs_extra"
 version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
 [[package]]
 name = "futures"
 version = "0.3.30"
@@ -309,10 +367,29 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
 [[package]]
-name = "hashbrown"
+name = "h2"
-version = "0.14.3"
+version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"
+checksum = "ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e"
 dependencies = [
 "atomic-waker",
 "bytes",
 "fnv",
 "futures-core",
 "futures-sink",
 "http",
 "indexmap",
 "slab",
 "tokio",
 "tokio-util",
 "tracing",
 ]
 [[package]]
 name = "hashbrown"
 version = "0.15.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
 [[package]]
 name = "hermit-abi"
@@ -375,6 +452,7 @@ dependencies = [
 "bytes",
 "futures-channel",
 "futures-util",
 "h2",
 "http",
 "http-body",
 "httparse",
@@ -435,9 +513,9 @@ dependencies = [
 [[package]]
 name = "indexmap"
-version = "2.2.3"
+version = "2.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177"
+checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
 dependencies = [
 "equivalent",
 "hashbrown",
@@ -488,6 +566,15 @@ version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
 [[package]]
 name = "jobserver"
 version = "0.1.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
 dependencies = [
 "libc",
 ]
 [[package]]
 name = "js-sys"
 version = "0.3.69"
@@ -499,8 +586,9 @@ dependencies = [
 [[package]]
 name = "l4p"
-version = "0.1.9"
+version = "0.1.11"
 dependencies = [
 "anyhow",
 "async-trait",
 "byte_string",
 "bytes",
@@ -508,12 +596,15 @@ dependencies = [
 "log",
 "pico-args",
 "pretty_env_logger",
 "rustls",
 "rustls-pemfile",
 "self_update",
 "serde",
 "serde_yaml",
 "time",
 "tls-parser",
 "tokio",
 "tokio-rustls",
 "url",
 ]
@@ -627,24 +718,6 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 [[package]]
 name = "num-traits"
 version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31"
 dependencies = [
 "num-traits 0.2.18",
 ]
 [[package]]
 name = "num-traits"
 version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a"
 dependencies = [
 "autocfg",
 ]
 [[package]]
 name = "num_cpus"
 version = "1.16.0"
@@ -655,6 +728,27 @@ dependencies = [
 "libc",
 ]
 [[package]]
 name = "num_enum"
 version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179"
 dependencies = [
 "num_enum_derive",
 ]
 [[package]]
 name = "num_enum_derive"
 version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56"
 dependencies = [
 "proc-macro-crate",
 "proc-macro2",
 "quote",
 "syn 2.0.50",
 ]
 [[package]]
 name = "num_threads"
 version = "0.1.7"
@@ -716,18 +810,18 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
 [[package]]
 name = "phf"
-version = "0.10.1"
+version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fabbf1ead8a5bcbc20f5f8b939ee3f5b0f6f281b6ad3468b84656b658b455259"
+checksum = "1fd6780a80ae0c52cc120a26a1a42c1ae51b247a253e4e06113d23d2c2edd078"
 dependencies = [
 "phf_shared",
 ]
 [[package]]
 name = "phf_codegen"
-version = "0.10.0"
+version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fb1c3a8bc4dd4e5cfce29b44ffc14bedd2ee294559a294e2a4d4c9e9a6a13cd"
+checksum = "aef8048c789fa5e851558d709946d6d79a8ff88c0440c587967f8e94bfb1216a"
 dependencies = [
 "phf_generator",
 "phf_shared",
@@ -735,9 +829,9 @@ dependencies = [
 [[package]]
 name = "phf_generator"
-version = "0.10.0"
+version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d5285893bb5eb82e6aaf5d59ee909a06a16737a8970984dd7746ba9283498d6"
+checksum = "3c80231409c20246a13fddb31776fb942c38553c51e871f8cbd687a4cfb5843d"
 dependencies = [
 "phf_shared",
 "rand",
@@ -745,9 +839,9 @@ dependencies = [
 [[package]]
 name = "phf_shared"
-version = "0.10.0"
+version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096"
+checksum = "67eabc2ef2a60eb7faa00097bd1ffdb5bd28e62bf39990626a582201b7a754e5"
 dependencies = [
 "siphasher",
 ]
@@ -818,6 +912,15 @@ dependencies = [
 "log",
 ]
 [[package]]
 name = "proc-macro-crate"
 version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ecf48c7ca261d60b74ab1a7b20da18bede46776b2e55535cb958eb595c5fa7b"
 dependencies = [
 "toml_edit",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.78"
@@ -829,9 +932,9 @@ dependencies = [
 [[package]]
 name = "quick-xml"
-version = "0.23.1"
+version = "0.37.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11bafc859c6815fbaffbbbf4229ecb767ac913fecb27f9ad4343662e9ef099ea"
+checksum = "165859e9e55f79d67b96c5d96f4e88b6f2695a1972849c15a6a3f5c59fc2c003"
 dependencies = [
 "memchr",
 ]
@@ -971,6 +1074,7 @@ dependencies = [
 "futures-channel",
 "futures-core",
 "futures-util",
 "h2",
 "http",
 "http-body",
 "http-body-util",
@@ -1054,10 +1158,12 @@ dependencies = [
 [[package]]
 name = "rustls"
-version = "0.23.10"
+version = "0.23.36"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402"
+checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b"
 dependencies = [
 "aws-lc-rs",
 "log",
 "once_cell",
 "ring",
 "rustls-pki-types",
@@ -1068,26 +1174,29 @@ dependencies = [
 [[package]]
 name = "rustls-pemfile"
-version = "2.1.2"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d"
+checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
 dependencies = [
 "base64",
 "rustls-pki-types",
 ]
 [[package]]
 name = "rustls-pki-types"
-version = "1.7.0"
+version = "1.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
+checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
 dependencies = [
 "zeroize",
 ]
 [[package]]
 name = "rustls-webpki"
-version = "0.102.4"
+version = "0.103.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
+checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53"
 dependencies = [
 "aws-lc-rs",
 "ring",
 "rustls-pki-types",
 "untrusted",
@@ -1124,9 +1233,9 @@ dependencies = [
 [[package]]
 name = "self_update"
-version = "0.40.0"
+version = "0.42.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e4997484b55df069a4773d822715695b2cc27b23829eca2a4b41690e948bdeb"
+checksum = "d832c086ece0dacc29fb2947bb4219b8f6e12fe9e40b7108f9e57c4224e47b5c"
 dependencies = [
 "hyper",
 "indicatif",
@@ -1203,6 +1312,12 @@ dependencies = [
 "unsafe-libyaml",
 ]
 [[package]]
 name = "shlex"
 version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.1"
@@ -1214,9 +1329,9 @@ dependencies = [
 [[package]]
 name = "siphasher"
-version = "0.3.11"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d"
+checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d"
 [[package]]
 name = "slab"
@@ -1326,9 +1441,9 @@ dependencies = [
 [[package]]
 name = "time"
-version = "0.3.34"
+version = "0.3.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749"
+checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21"
 dependencies = [
 "deranged",
 "itoa",
@@ -1349,9 +1464,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
 [[package]]
 name = "time-macros"
-version = "0.2.17"
+version = "0.2.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774"
+checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de"
 dependencies = [
 "num-conv",
 "time-core",
@@ -1374,13 +1489,13 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tls-parser"
-version = "0.11.0"
+version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "409206e2de64edbf7ea99a44ac31680daf9ef1a57895fb3c5bd738a903691be0"
+checksum = "22c36249c6082584b1f224e70f6bdadf5102197be6cfa92b353efe605d9ac741"
 dependencies = [
 "enum_primitive",
 "nom",
 "nom-derive",
 "num_enum",
 "phf",
 "phf_codegen",
 "rusticata-macros",
@@ -1418,15 +1533,44 @@ dependencies = [
 [[package]]
 name = "tokio-rustls"
-version = "0.26.0"
+version = "0.26.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4"
+checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61"
 dependencies = [
 "rustls",
 "rustls-pki-types",
 "tokio",
 ]
 [[package]]
 name = "tokio-util"
 version = "0.7.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078"
 dependencies = [
 "bytes",
 "futures-core",
 "futures-sink",
 "pin-project-lite",
 "tokio",
 ]
 [[package]]
 name = "toml_datetime"
 version = "0.6.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
 [[package]]
 name = "toml_edit"
 version = "0.22.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5"
 dependencies = [
 "indexmap",
 "toml_datetime",
 "winnow",
 ]
 [[package]]
 name = "tower"
 version = "0.4.13"
@@ -1810,6 +1954,15 @@ version = "0.52.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0770833d60a970638e989b3fa9fd2bb1aaadcf88963d1659fd7d9990196ed2d6"
 [[package]]
 name = "winnow"
 version = "0.6.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39281189af81c07ec09db316b302a3e67bf9bd7cbf6c820b50e35fee9c2fa980"
 dependencies = [
 "memchr",
 ]
 [[package]]
 name = "winreg"
 version = "0.52.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "l4p"
-version = "0.1.9"
+version = "0.1.11"
 edition = "2021"
 authors = ["Jacob Kiers <code@kiers.eu>"]
 license = "Apache-2.0"
@@ -20,6 +20,7 @@ name = "l4p"
 path = "src/main.rs"
 [dependencies]
 anyhow = "1.0.102"
 async-trait = "0.1.73"
 byte_string = "1"
 bytes = "1.1"
@@ -27,14 +28,17 @@ futures = "0.3"
 log = "0.4"
 pico-args = "0.5.0"
 pretty_env_logger = "0.5"
 rustls = "0.23"
 rustls-pemfile = "2.2.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_yaml = "0.9.21"
-time = { version = "0.3.1", features = ["local-offset", "formatting"] }
+time = { version = "0.3.37", features = ["local-offset", "formatting"] }
-tls-parser = "0.11"
+tls-parser = "0.12.2"
 tokio = { version = "1.0", features = ["full"] }
 tokio-rustls = "0.26.4"
 url = "2.2.2"
 [dependencies.self_update]
-version = "0.40.0"
+version = "0.42.0"
 default-features = false
 features = ["rustls"]
--- a/PLAN.md
+++ b/PLAN.md
@@ -0,0 +1,30 @@
 ## Plan for TLS Termination and Dynamic Port Handling
 ### Task
 Modify the `l4p` (layer 4 proxy) to perform TLS termination and handle dynamic/random ports for backend services. The backend services are on a specific IPv6 address, and the user can dynamically determine the hostname of these services in the format "https://{port}.my-host". The proxy should listen on port 443 and use SNI for routing.
 ### Completed Actions
 - Added `tokio-rustls`, `rustls-pemfile`, `anyhow` dependencies to `Cargo.toml`.
 - Modified `src/config/config_v1.rs` to include `TlsTerminationConfig`, `CertificateConfig`, `SniCertificateConfig` structs and updated `ServerConfig`.
 - Created `src/tls.rs` (multiple iterations due to compilation issues).
 - Integrated `anyhow::Result` into various functions and imported `Context` to `src/servers/mod.rs`.
 - Corrected imports in `src/main.rs`, `src/servers/mod.rs`, `src/servers/protocol/tcp.rs`.
 - Removed `mod tls;` from `src/servers/protocol/mod.rs`.
 - Attempted to fix various compilation errors related to `rustls` API changes, lifetime issues, and `tokio` task handling.
 - Changed `handle.await??;` to explicit match for debugging purposes.
 ### Current State (with persistent errors)
 The code currently has compilation errors, primarily related to:
 1.  **`src/servers/mod.rs`**: Still showing an error for `map_err` not found for unit type `()`. This arises from the complex double `Result` handling (`Result<anyhow::Result<()>, JoinError>`) when awaiting spawned tasks.
 2.  **`src/tls.rs`**: Facing issues with `rustls::pki_types::PrivateKeyDer` and `CertificateDer` conversions, specifically for ensuring `'static` lifetimes and incorrect method usages like `to_vec()` or `as_ref()`, or `into_owned()` methods not existing for certain types. The `borrowed data escapes outside of function` error indicates deeper lifetime mismatches.
 ### Next Steps (Requires Manual Intervention)
 - **Refactor `src/servers/mod.rs` error handling**: The current `match handle.await` block needs to be carefully reviewed to ensure correct unwraping of the nested `Result` types and proper error propagation from `tokio::task::JoinError` to `anyhow::Error`.
 - **Re-evaluate `src/tls.rs` `rustls::pki_types` usage**: A deeper understanding of `rustls-pki-types` crate and its `CertificateDer` and `PrivateKeyDer` lifetimes and conversion methods is needed. The specific error message `no method named to_vec found for struct PrivatePkcs8KeyDer` is a key indicator of incorrect usage.
 - **Review `rustls` version and documentation**: It might be helpful to review the `rustls` and `tokio-rustls` documentation for version-specific changes and best practices regarding `pki_types` and asynchronous error handling.
 This commit contains the work in progress as of the current session, including these unresolved errors, to allow for external review and debugging.
--- a/src/config/config_v1.rs
+++ b/src/config/config_v1.rs
@@ -35,6 +35,9 @@ pub struct ServerConfig {
    pub tls: Option<bool>,
    pub sni: Option<HashMap<String, String>>,
    pub default: Option<String>,
    pub termination_certs: Option<TlsTerminationConfig>,
    pub dynamic_backend_pattern: Option<String>,
    pub fixed_backend_ipv6: Option<String>,
 }
 impl TryInto<ProxyToUpstream> for &str {
    type Error = ConfigError;
@@ -201,6 +204,25 @@ fn verify_config(config: ParsedConfigV1) -> Result<ParsedConfigV1, ConfigError>
    Ok(config)
 }
 #[derive(Debug, Default, Deserialize, Clone)]
 pub struct TlsTerminationConfig {
    pub default_certificate: CertificateConfig,
    pub sni_certificates: Option<Vec<SniCertificateConfig>>,
 }
 #[derive(Debug, Default, Deserialize, Clone)]
 pub struct CertificateConfig {
    pub certificate_path: String,
    pub private_key_path: String,
 }
 #[derive(Debug, Default, Deserialize, Clone)]
 pub struct SniCertificateConfig {
    pub hostname: String,
    pub certificate_path: String,
    pub private_key_path: String,
 }
 impl From<IOError> for ConfigError {
    fn from(err: IOError) -> ConfigError {
        ConfigError::IO(err)
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@@ -1,3 +1,3 @@
-mod config_v1;
+pub mod config_v1;
-pub(crate) use config_v1::ConfigV1;
+pub(crate) use config_v1::ConfigV1;
-pub(crate) use config_v1::ParsedConfigV1;
+pub(crate) use config_v1::ParsedConfigV1;
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,11 +2,13 @@ mod config;
 mod servers;
 mod update;
 mod upstreams;
 mod tls; // NEW: Declare the new TLS module
 use crate::config::ConfigV1;
 use crate::servers::Server;
 use std::io::{stderr, stdout, Write};
-use log::{debug, error, info};
+use log::{debug, error};
 use pico_args::Arguments;
 use std::path::PathBuf;
@@ -16,17 +18,35 @@ fn main() {
    match args.subcommand().expect("Unexpected error").as_deref() {
        Some("serve") => serve(),
        Some("update") => update::update(),
        Some("help") => {
            let _ = print_usage(&mut stdout().lock());
        }
        Some(cmd) => {
            eprintln!("Invalid command: {cmd}");
            std::process::exit(1);
        }
        None => {
            eprintln!("Calling l4p without argument is deprecated now. Please use: l4p serve");
            let _ = print_usage(&mut stderr().lock());
            serve();
        }
    }
 }
 fn print_usage(out: &mut dyn Write) -> std::io::Result<()> {
    writeln!(
        out,
        "{} v{}",
        env!("CARGO_PKG_NAME"),
        env!("CARGO_PKG_VERSION")
    )?;
    writeln!(out, "Usage:")?;
    writeln!(out, "\tupdate\tUpdate l4p to the latest version")?;
    writeln!(out, "\tserve\tServe the proxy")?;
    writeln!(out, "\thelp\tPrint this message")?;
    Ok(())
 }
 fn serve() {
    let config_path = match find_config() {
        Ok(p) => p,
--- a/src/servers/mod.rs
+++ b/src/servers/mod.rs
@@ -1,3 +1,4 @@
 use anyhow::{anyhow, Result};
 use log::{error, info};
 use std::collections::{HashMap, HashSet};
 use std::net::SocketAddr;
@@ -8,10 +9,15 @@ use tokio::task::JoinHandle;
 mod protocol;
 pub(crate) mod upstream_address;
-use crate::config::ParsedConfigV1;
+use crate::config::{ParsedConfigV1, config_v1::TlsTerminationConfig};
        // use crate::tls;
 use crate::upstreams::Upstream;
 use protocol::tcp;
 // A helper to convert Box<dyn Error> to anyhow::Error
 fn unhandled_error_for_box_error(e: Box<dyn std::error::Error>) -> anyhow::Error {
    anyhow!("{}", e)
 }
 #[derive(Debug)]
 pub(crate) struct Server {
    pub proxies: Vec<Arc<Proxy>>,
@@ -26,6 +32,9 @@ pub(crate) struct Proxy {
    pub sni: Option<HashMap<String, String>>,
    pub default_action: String,
    pub upstream: HashMap<String, Upstream>,
    pub termination_certs: Option<TlsTerminationConfig>,
    pub dynamic_backend_pattern: Option<String>,
    pub fixed_backend_ipv6: Option<String>,
 }
 impl Server {
@@ -64,6 +73,9 @@ impl Server {
                    sni: sni.clone(),
                    default_action: default.clone(),
                    upstream: upstream.clone(),
                    termination_certs: proxy.termination_certs.clone(),
                    dynamic_backend_pattern: proxy.dynamic_backend_pattern.clone(),
                    fixed_backend_ipv6: proxy.fixed_backend_ipv6.clone(),
                };
                new_server.proxies.push(Arc::new(proxy));
            }
@@ -73,7 +85,7 @@ impl Server {
    }
    #[tokio::main]
-    pub async fn run(&mut self) -> Result<(), Box<dyn std::error::Error>> {
+    pub async fn run(&mut self) -> Result<()> {
        let proxies = self.proxies.clone();
        let mut handles: Vec<JoinHandle<()>> = Vec::new();
@@ -83,15 +95,24 @@ impl Server {
                config.protocol, config.name, config.listen
            );
            let handle = tokio::spawn(async move {
-                match config.protocol.as_ref() {
+                if config.tls && config.termination_certs.is_some() {
-                    "tcp" | "tcp4" | "tcp6" => {
+                    // New TLS termination handling
-                        let res = tcp::proxy(config.clone()).await;
+                    let res = tcp::tls_proxy(config.clone()).await;
-                        if res.is_err() {
+                    if res.is_err() {
-                            error!("Failed to start {}: {}", config.name, res.err().unwrap());
+                        error!("Failed to start TLS server {}: {}", config.name, res.err().unwrap());
                        }
                    }
-                    _ => {
+                } else {
-                        error!("Invalid protocol: {}", config.protocol)
+                    // Existing plain TCP handling
                    match config.protocol.as_ref() {
                        "tcp" | "tcp4" | "tcp6" => {
                            let res = tcp::proxy(config.clone()).await;
                            if res.is_err() {
                                error!("Failed to start {}: {}", config.name, res.err().unwrap());
                            }
                        }
                        _ => {
                            error!("Invalid protocol: {}", config.protocol)
                        }
                    }
                }
            });
@@ -99,8 +120,7 @@ impl Server {
        }
        for handle in handles {
-            handle.await?;
+            handle.await.map_err(anyhow::Error::from)?.map_err(anyhow::Error::from)?;        }
        }
        Ok(())
    }
 }
--- a/src/servers/protocol/mod.rs
+++ b/src/servers/protocol/mod.rs
@@ -1,2 +1 @@
 pub mod tcp;
 pub mod tls;
--- a/src/servers/protocol/tcp.rs
+++ b/src/servers/protocol/tcp.rs
@@ -1,11 +1,48 @@
-use crate::servers::protocol::tls::get_sni;
+use anyhow::Result;
 use crate::servers::Proxy;
 use log::{debug, error, info, warn};
 use std::error::Error;
 use std::sync::Arc;
 use tokio::net::{TcpListener, TcpStream};
 use tokio_rustls::TlsAcceptor;
 use crate::tls;
-pub(crate) async fn proxy(config: Arc<Proxy>) -> Result<(), Box<dyn Error>> {
+pub(crate) async fn tls_proxy(config: Arc<Proxy>) -> Result<()> {
    let listener = TcpListener::bind(config.listen).await?;
    let config = config.clone();
    let acceptor = tls::build_tls_acceptor(
        config.termination_certs.as_ref().expect("TLS termination config missing"),
    )?;
    loop {
        let _config = config.clone();
        let thread_acceptor = acceptor.clone();
        match listener.accept().await {
            Err(err) => {
                error!("Failed to accept TLS connection: {}", err);
            }
            Ok((stream, _)) => {
                tokio::spawn(async move {
                    let res = match thread_acceptor.accept(stream).await {
                        Ok(tls_stream) => {
                            info!("TLS handshake successful with {:?}", tls_stream.into_inner().0.peer_addr().ok().map(|s| s.to_string()).unwrap_or_else(|| "unknown".to_string()));
                            Ok(()) // Return Ok(()) for now
                        }
                        Err(err) => {
                            error!("TLS handshake failed: {}", err);
                            Err(anyhow::anyhow!("{}", err))
                        }
                    };
                    if res.is_err() {
                        error!("TLS handling error: {}", res.unwrap_err());
                    }
                });
            }
        }
    }
 }
 pub(crate) async fn proxy(config: Arc<Proxy>) -> Result<()> {
    let listener = TcpListener::bind(config.listen).await?;
    let config = config.clone();
@@ -14,7 +51,7 @@ pub(crate) async fn proxy(config: Arc<Proxy>) -> Result<(), Box<dyn Error>> {
        match listener.accept().await {
            Err(err) => {
                error!("Failed to accept connection: {}", err);
-                return Err(Box::new(err));
+                return Err(anyhow::Error::new(err)); // Convert to anyhow::Error
            }
            Ok((stream, _)) => {
                tokio::spawn(async move {
@@ -30,35 +67,10 @@ pub(crate) async fn proxy(config: Arc<Proxy>) -> Result<(), Box<dyn Error>> {
    }
 }
-async fn accept(inbound: TcpStream, proxy: Arc<Proxy>) -> Result<(), Box<dyn Error>> {
+async fn accept(inbound: TcpStream, proxy: Arc<Proxy>) -> Result<()> {
    info!("New connection from {:?}", inbound.peer_addr()?);
-    let upstream_name = match proxy.tls {
+    let upstream_name = proxy.default_action.clone();
        false => proxy.default_action.clone(),
        true => {
            let mut hello_buf = [0u8; 1024];
            inbound.peek(&mut hello_buf).await?;
            let snis = get_sni(&hello_buf);
            if snis.is_empty() {
                proxy.default_action.clone()
            } else {
                match proxy.sni.clone() {
                    Some(sni_map) => {
                        let mut upstream = proxy.default_action.clone();
                        for sni in snis {
                            let m = sni_map.get(&sni);
                            if m.is_some() {
                                upstream = m.unwrap().clone();
                                break;
                            }
                        }
                        upstream
                    }
                    None => proxy.default_action.clone(),
                }
            }
        }
    };
    debug!("Upstream: {}", upstream_name);
@@ -69,9 +81,9 @@ async fn accept(inbound: TcpStream, proxy: Arc<Proxy>) -> Result<(), Box<dyn Err
                "No upstream named {:?} on server {:?}",
                proxy.default_action, proxy.name
            );
-            proxy.upstream.get(&proxy.default_action).unwrap()
+            proxy.upstream.get(&proxy.default_action).expect("Default upstream must exist")
        }
    };
-    upstream.process(inbound).await
+    upstream.process(inbound).await.map_err(|e| anyhow::anyhow!("{}", e))
 }
--- a/src/servers/protocol/tls.rs
+++ b/src/servers/protocol/tls.rs
@@ -1,10 +1,17 @@
-use log::{debug, warn};
+use crate::servers::Proxy;
 use log::{debug, error, trace, warn};
 use std::error::Error;
 use std::io; // Import io for ErrorKind
 use std::sync::Arc;
 use std::time::Duration; // For potential delays
 use tls_parser::{
    parse_tls_extensions, parse_tls_raw_record, parse_tls_record_with_header, TlsMessage,
    TlsMessageHandshake,
 };
 use tokio::net::TcpStream;
 use tokio::time::timeout; // Use timeout for peek operations
-pub fn get_sni(buf: &[u8]) -> Vec<String> {
+fn get_sni(buf: &[u8]) -> Vec<String> {
    let mut snis: Vec<String> = Vec::new();
    match parse_tls_raw_record(buf) {
        Ok((_, ref r)) => match parse_tls_record_with_header(r.data, &r.hdr) {
@@ -53,10 +60,257 @@ pub fn get_sni(buf: &[u8]) -> Vec<String> {
    snis
 }
 // Timeout duration for waiting for TLS Hello data
 const TLS_PEEK_TIMEOUT: Duration = Duration::from_secs(5); // Adjust as needed
 pub(crate) async fn determine_upstream_name(
    inbound: &TcpStream,
    proxy: &Arc<Proxy>,
 ) -> Result<String, Box<dyn Error>> {
    let default_upstream = proxy.default_action.clone();
    let mut header = [0u8; 9];
    // --- Step 1: Peek the initial header (9 bytes) with timeout ---
    match timeout(TLS_PEEK_TIMEOUT, async {
        loop {
            match inbound.peek(&mut header).await {
                Ok(n) if n >= header.len() => return Ok::<usize, io::Error>(n), // Got enough bytes
                Ok(0) => {
                    // Connection closed cleanly before sending enough data
                    trace!("Connection closed while peeking for TLS header");
                    return Err(io::Error::new(
                        io::ErrorKind::UnexpectedEof,
                        "Connection closed while peeking for TLS header",
                    )
                    .into()); // Convert to Box<dyn Error>
                }
                Ok(_) => {
                    // Not enough bytes yet, yield and loop again
                    tokio::task::yield_now().await;
                }
                Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => {
                    // Should not happen with await, but yield defensively
                    tokio::task::yield_now().await;
                }
                Err(e) => {
                    // Other I/O error
                    warn!("Error peeking for TLS header: {}", e);
                    return Err(e.into()); // Convert to Box<dyn Error>
                }
            }
        }
    })
    .await
    {
        Ok(Ok(_)) => { /* Header peeked successfully */ }
        Ok(Err(e)) => {
            // Inner loop returned an error (e.g., EOF, IO error)
            trace!("Failed to peek header (inner error): {}", e);
            return Ok(default_upstream); // Fallback on error/EOF
        }
        Err(_) => {
            // Timeout occurred
            error!("Timeout waiting for TLS header");
            return Ok(default_upstream); // Fallback on timeout
        }
    }
    // --- Step 2: Calculate required size ---
    let required_bytes = match client_hello_buffer_size(&header) {
        Ok(size) => size,
        Err(e) => {
            // Header was invalid or not a ClientHello
            trace!("Could not determine required buffer size: {}", e);
            return Ok(default_upstream);
        }
    };
    // Basic sanity check on size
    if required_bytes > 16384 + 9 {
        // TLS max record size + header approx
        error!(
            "Calculated required TLS buffer size is too large: {}",
            required_bytes
        );
        return Ok(default_upstream);
    }
    // --- Step 3: Peek the full ClientHello with timeout ---
    let mut hello_buf = vec![0; required_bytes];
    match timeout(TLS_PEEK_TIMEOUT, async {
        let mut total_peeked = 0;
        loop {
            // Peek into the portion of the buffer that hasn't been filled yet.
            match inbound.peek(&mut hello_buf[total_peeked..]).await {
                Ok(0) => {
                    // Connection closed cleanly before sending full ClientHello
                    trace!(
                        "Connection closed while peeking for full ClientHello (peeked {}/{} bytes)",
                        total_peeked,
                        required_bytes
                    );
                    return Err::<usize, io::Error>(
                        io::Error::new(
                            io::ErrorKind::UnexpectedEof,
                            "Connection closed while peeking for full ClientHello",
                        )
                        .into(),
                    );
                }
                Ok(n) => {
                    total_peeked += n;
                    if total_peeked >= required_bytes {
                        trace!("Successfully peeked {} bytes for ClientHello", total_peeked);
                        return Ok(total_peeked); // Got enough
                    } else {
                        // Not enough bytes yet, yield and loop again
                        trace!(
                            "Peeked {}/{} bytes for ClientHello, waiting for more...",
                            total_peeked,
                            required_bytes
                        );
                        tokio::task::yield_now().await;
                    }
                }
                Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => {
                    tokio::task::yield_now().await;
                }
                Err(e) => {
                    warn!("Error peeking for full ClientHello: {}", e);
                    return Err(e.into());
                }
            }
        }
    })
    .await
    {
        Ok(Ok(_)) => { /* Full hello peeked successfully */ }
        Ok(Err(e)) => {
            error!("Could not peek full ClientHello (inner error): {}", e);
            return Ok(default_upstream); // Fallback on error/EOF
        }
        Err(_) => {
            error!(
                "Timeout waiting for full ClientHello (needed {} bytes)",
                required_bytes
            );
            return Ok(default_upstream); // Fallback on timeout
        }
    }
    // --- Step 4: Parse SNI ---
    let snis = get_sni(&hello_buf);
    // --- Step 5: Determine upstream based on SNI ---
    if snis.is_empty() {
        debug!("No SNI found in ClientHello, using default upstream.");
        return Ok(default_upstream);
    } else {
        match proxy.sni.clone() {
            Some(sni_map) => {
                let mut upstream = default_upstream.clone(); // Clone here for default case
                let mut found_match = false;
                for sni in snis {
                    // snis is already Vec<String>
                    if let Some(target_upstream) = sni_map.get(&sni) {
                        debug!(
                            "Found matching SNI '{}', routing to upstream: {}",
                            sni, target_upstream
                        );
                        upstream = target_upstream.clone();
                        found_match = true;
                        break;
                    } else {
                        trace!("SNI '{}' not found in map.", sni);
                    }
                }
                if !found_match {
                    debug!("SNI(s) found but none matched configuration, using default upstream.");
                }
                Ok(upstream)
            }
            None => {
                debug!("SNI found but no SNI map configured, using default upstream.");
                Ok(default_upstream)
            }
        }
    }
 }
 fn client_hello_buffer_size(data: &[u8]) -> Result<usize, String> {
    // TLS record header
    // -----------------
    // byte   0: rec type (should be 0x16 == Handshake)
    // byte 1-2: version (should be 0x3000 < v < 0x3003)
    // byte 3-4: rec len
    if data.len() < 9 {
        trace!("Not enough bytes to even check the TLS header.");
        return Err("Not enough bytes to even check the TLS header.".into());
    }
    if data[0] != 0x16 {
        trace!("Not a TLS handshake.");
        return Err("Not a TLS handshake.".into());
    }
    // Check the record length
    let record_length = ((data[3] as u16) << 8) | (data[4] as u16);
    if record_length == 0 || record_length > 16384 {
        trace!("Client send invalid header: way too long record header.");
        return Err("Client send invalid header: way too long record header.".into());
    }
    // Handshake record header
    // -----------------------
    // byte   5: hs msg type (should be 0x01 == client_hello)
    // byte 6-8: hs msg len
    if data[5] != 0x01 {
        trace!("Not a ClientHello message");
        return Err("Not a ClientHello message".into());
    }
    // Check the handshake message length
    let handshake_length =
        ((data[6] as usize) << 16) | ((data[7] as usize) << 8) | (data[8] as usize);
    if handshake_length <= 0 || handshake_length > (record_length - 4).into() {
        warn!("Invalid client hello length (fragmentation not implemented)");
        return Err("Invalid client hello length (fragmentation not implemented)".into());
    }
    // Calculate the handshake length and return it
    Ok(handshake_length + 9)
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_too_little_data_end() {
        let length = client_hello_buffer_size(&TOO_LITTLE_DATA_END);
        if length.is_ok() {
            assert!(false);
        }
        let msg = length.unwrap_err();
        dbg!(msg);
        assert!(true);
    }
    #[test]
    fn test_too_little_data_start() {
        let length = client_hello_buffer_size(&TOO_LITTLE_DATA_START);
        assert!(length.is_ok());
        assert_eq!(1712, length.unwrap())
    }
    #[test]
    fn test_sni_extract() {
        const BUF: [u8; 517] = [
@@ -99,6 +353,454 @@ mod tests {
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        ];
        let sni = get_sni(&BUF);
-        assert!(sni[0] == *"www.lirui.tech");
+        assert_eq!(sni[0], *"www.lirui.tech");
    }
    #[test]
    fn test_sni_extract_tiny() {
        const BUF: [u8; 1712] = [
            0x16, 0x03, 0x01, 0x06, 0xab, 0x01, 0x00, 0x06, // |........|
            0xa7, 0x03, 0x03, 0x84, 0x53, 0xb2, 0xd7, 0x37, // |....S..7|
            0xcd, 0x27, 0xda, 0xf4, 0x70, 0xd8, 0x78, 0x26, // |.'..p.x&|
            0x34, 0x7f, 0xe3, 0xa7, 0x5d, 0xfe, 0x97, 0x29, // |4...]..)|
            0x89, 0x29, 0xa2, 0xd8, 0x62, 0x05, 0x7b, 0x13, // |.)..b.{.|
            0xcf, 0x4b, 0x13, 0x20, 0x5b, 0x74, 0x4e, 0x23, // |.K. [tN#|
            0x90, 0x08, 0x5a, 0x43, 0xbf, 0xe0, 0x0d, 0xeb, // |..ZC....|
            0x8a, 0xc8, 0x4d, 0x14, 0x1e, 0x35, 0x43, 0x04, // |..M..5C.|
            0x36, 0x32, 0xdc, 0x71, 0xff, 0xcc, 0xb3, 0x5b, // |62.q...[|
            0x63, 0x4b, 0x2b, 0xee, 0x00, 0x20, 0xba, 0xba, // |cK+.. ..|
            0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, // |.......+|
            0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, // |./.,.0..|
            0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, // |........|
            0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, // |.../.5..|
            0x06, 0x3e, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x0a, // |.>zz....|
            0x00, 0x0c, 0x00, 0x0a, 0xda, 0xda, 0x11, 0xec, // |........|
            0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0xff, 0x01, // |........|
            0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, // |........|
            0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, // |........|
            0x68, 0x61, 0x2e, 0x68, 0x6f, 0x6d, 0x65, 0x2e, // |ha.home.|
            0x6b, 0x69, 0x65, 0x2e, 0x72, 0x73, 0xfe, 0x0d, // |kie.rs..|
            0x00, 0xba, 0x00, 0x00, 0x01, 0x00, 0x01, 0x11, // |........|
            0x00, 0x20, 0xf7, 0xf4, 0x20, 0xc8, 0xb7, 0xeb, // |. .. ...|
            0xf1, 0x2d, 0x8b, 0x30, 0x2c, 0xc8, 0x5e, 0xd3, // |.-.0,.^.|
            0xa3, 0x02, 0x38, 0xf2, 0x41, 0xf7, 0x3f, 0x2d, // |..8.A.?-|
            0xb4, 0xf0, 0xd7, 0x3b, 0xe5, 0x19, 0x3f, 0xc3, // |...;..?.|
            0xae, 0x1f, 0x00, 0x90, 0x27, 0x8d, 0x4c, 0xc9, // |....'.L.|
            0xb3, 0xd1, 0x63, 0x20, 0xe4, 0x33, 0x18, 0x56, // |..c .3.V|
            0xd5, 0x9b, 0xd5, 0xf9, 0xf2, 0x94, 0x1d, 0xe4, // |........|
            0xa6, 0x88, 0x47, 0xd2, 0x85, 0x4f, 0xf4, 0x30, // |..G..O.0|
            0x22, 0xff, 0x67, 0x80, 0x60, 0x33, 0x17, 0xa0, // |".g.`3..|
            0x4f, 0xdb, 0x98, 0x53, 0x00, 0xa4, 0xc8, 0x89, // |O..S....|
            0xb8, 0x1b, 0x3f, 0xbd, 0xdf, 0xeb, 0x48, 0x1a, // |..?...H.|
            0xa1, 0x33, 0xd7, 0xc1, 0x8d, 0x76, 0xf2, 0xcf, // |.3...v..|
            0xbe, 0x30, 0x1d, 0xcd, 0x3a, 0xfe, 0xf1, 0xb0, // |.0..:...|
            0x86, 0xbc, 0x28, 0x74, 0x78, 0xa1, 0x9a, 0x60, // |..(tx..`|
            0x14, 0xfe, 0x12, 0x92, 0x4d, 0xb5, 0x9e, 0x85, // |....M...|
            0x79, 0x62, 0x9c, 0x68, 0x73, 0xc6, 0x0e, 0xe5, // |yb.hs...|
            0xad, 0x5b, 0xe2, 0x69, 0x00, 0xc0, 0x26, 0x24, // |.[.i..&$|
            0x88, 0xfa, 0x22, 0x29, 0x36, 0x7b, 0x16, 0x59, // |..")6{.Y|
            0x48, 0xbe, 0xf9, 0x1c, 0x86, 0x55, 0xcb, 0x67, // |H....U.g|
            0xae, 0xb6, 0x7b, 0x69, 0x3e, 0xd0, 0x48, 0x31, // |..{i>.H1|
            0x58, 0x8a, 0xd8, 0xba, 0x06, 0x21, 0xf0, 0xd4, // |X....!..|
            0x4e, 0xef, 0xcf, 0x67, 0xc5, 0x63, 0x97, 0x59, // |N..g.c.Y|
            0x95, 0x12, 0x47, 0x90, 0x00, 0x2d, 0x00, 0x02, // |..G..-..|
            0x01, 0x01, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, // |........|
            0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, // |.http/1.|
            0x31, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, // |1.......|
            0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, // |........|
            0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, // |........|
            0x2b, 0x00, 0x07, 0x06, 0x0a, 0x0a, 0x03, 0x04, // |+.......|
            0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 0x12, // |...#....|
            0x00, 0x00, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, // |........|
            0x02, 0x00, 0x33, 0x04, 0xef, 0x04, 0xed, 0xda, // |..3.....|
            0xda, 0x00, 0x01, 0x00, 0x11, 0xec, 0x04, 0xc0, // |........|
            0xc6, 0x12, 0x85, 0x0b, 0xba, 0x73, 0x9d, 0x00, // |.....s..|
            0x29, 0x08, 0x40, 0x3a, 0xb8, 0xfc, 0x9e, 0x99, // |).@:....|
            0x25, 0xbd, 0x60, 0xb6, 0x8a, 0x56, 0x51, 0xac, // |%.`..VQ.|
            0x38, 0xa3, 0x15, 0x37, 0x21, 0x80, 0x86, 0x02, // |8..7!...|
            0xb2, 0x10, 0x4b, 0x29, 0xeb, 0x37, 0x04, 0x47, // |..K).7.G|
            0x16, 0x12, 0x0e, 0x63, 0x2d, 0x32, 0xf6, 0x2a, // |...c-2.*|
            0x86, 0x09, 0x7b, 0x41, 0x28, 0x8c, 0xcf, 0xfa, // |..{A(...|
            0x08, 0x2e, 0x0c, 0xb2, 0x55, 0xb4, 0xb4, 0xd2, // |....U...|
            0x76, 0x38, 0x47, 0x44, 0x78, 0xf0, 0x01, 0xb6, // |v8GDx...|
            0xee, 0xf0, 0x1f, 0x4b, 0xc5, 0x6b, 0xb3, 0x93, // |...K.k..|
            0x4d, 0xa5, 0x25, 0x29, 0xda, 0x33, 0x1e, 0xc5, // |M.%).3..|
            0x15, 0x98, 0xf5, 0x41, 0x3e, 0xd2, 0xf7, 0x82, // |...A>...|
            0xd7, 0xbb, 0x56, 0xf0, 0x86, 0x29, 0xa3, 0x56, // |..V..).V|
            0x25, 0xdc, 0xaa, 0x03, 0xaa, 0x28, 0xa7, 0x2b, // |%....(.+|
            0xc0, 0x41, 0xca, 0x66, 0x3e, 0xcc, 0x21, 0x40, // |.A.f>.!@|
            0x60, 0x34, 0x5f, 0x9f, 0x69, 0x37, 0xac, 0x30, // |`4_.i7.0|
            0x06, 0x7a, 0xf9, 0x26, 0xfe, 0x3c, 0x13, 0x05, // |.z.&.<..|
            0xf6, 0xbe, 0x5f, 0x0c, 0x9a, 0x43, 0x18, 0xa2, // |.._..C..|
            0xd9, 0xc5, 0xa0, 0x06, 0x0b, 0x0a, 0x21, 0xf1, // |......!.|
            0x6b, 0x12, 0x4a, 0x5d, 0xec, 0xf6, 0x01, 0x30, // |k.J]...0|
            0xb6, 0x3b, 0x34, 0x62, 0xcd, 0x5a, 0x6a, 0x26, // |.;4b.Zj&|
            0x08, 0x98, 0xc9, 0xd0, 0x8a, 0x49, 0x94, 0x07, // |.....I..|
            0x48, 0x45, 0x78, 0x45, 0xae, 0x24, 0x2b, 0x83, // |HExE.$+.|
            0xb6, 0x69, 0x6c, 0x20, 0x33, 0xa9, 0xc4, 0x8e, // |.il 3...|
            0xe7, 0x1a, 0x90, 0x28, 0xc6, 0x3f, 0x16, 0xf2, // |...(.?..|
            0xae, 0x3e, 0x22, 0x17, 0x26, 0x9c, 0x38, 0xf5, // |.>".&.8.|
            0x88, 0x60, 0x79, 0x16, 0x28, 0xce, 0x05, 0x72, // |.`y.(..r|
            0x2f, 0x64, 0x99, 0xdd, 0x8c, 0x5b, 0xa6, 0xe2, // |/d...[..|
            0x65, 0x8a, 0xe2, 0x8d, 0xb6, 0x24, 0x9e, 0x6d, // |e....$.m|
            0x5a, 0x70, 0xfd, 0xea, 0xca, 0xec, 0x77, 0x46, // |Zp....wF|
            0x20, 0xa8, 0x1f, 0x78, 0xf6, 0x34, 0x52, 0x13, // | ..x.4R.|
            0x97, 0xef, 0x60, 0xb9, 0xe5, 0xc6, 0x85, 0xf2, // |..`.....|
            0x84, 0x64, 0xdc, 0x08, 0x07, 0xe2, 0x63, 0xa6, // |.d....c.|
            0x23, 0x64, 0x54, 0xb8, 0x72, 0xac, 0x23, 0xda, // |#dT.r.#.|
            0x8f, 0x73, 0xe4, 0x9b, 0x80, 0x77, 0x66, 0x3f, // |.s...wf?|
            0x69, 0x34, 0xc4, 0xfb, 0x45, 0x3d, 0x1c, 0xa7, // |i4..E=..|
            0x86, 0x98, 0x2e, 0xb4, 0xe0, 0x84, 0xb6, 0x47, // |.......G|
            0x78, 0xeb, 0x2b, 0x10, 0x17, 0x45, 0x8a, 0xcf, // |x.+..E..|
            0xea, 0xb5, 0x58, 0x42, 0x93, 0xbe, 0x4b, 0xad, // |..XB..K.|
            0xfb, 0x28, 0x11, 0x12, 0xe0, 0x7c, 0x3d, 0x34, // |.(...|=4|
            0x8c, 0x82, 0x07, 0x84, 0xda, 0x8b, 0x35, 0x86, // |......5.|
            0x37, 0x35, 0x1d, 0x1a, 0xa2, 0xbf, 0x0a, 0xb4, // |75......|
            0x8e, 0xf0, 0x91, 0xc4, 0xa8, 0x3f, 0x38, 0x03, // |.....?8.|
            0x37, 0xc1, 0x9a, 0x94, 0x43, 0x09, 0x57, 0xee, // |7...C.W.|
            0xaa, 0xcb, 0x3d, 0x13, 0xa2, 0x33, 0xd1, 0x04, // |..=..3..|
            0x2c, 0x6c, 0xb4, 0x1c, 0x86, 0x07, 0x0c, 0x3c, // |,l.....<|
            0x5c, 0xc9, 0x8c, 0xc8, 0x1a, 0x85, 0xa6, 0xdd, // |\.......|
            0xd3, 0xc5, 0xae, 0x84, 0x4d, 0xfe, 0xa2, 0x99, // |....M...|
            0xd3, 0x0b, 0x1f, 0x43, 0x01, 0xa6, 0x7b, 0xb2, // |...C..{.|
            0x5b, 0xd5, 0xa0, 0x3e, 0xd4, 0x6c, 0x65, 0x75, // |[..>.leu|
            0x55, 0x28, 0x4d, 0x1c, 0x28, 0x86, 0xda, 0x94, // |U(M.(...|
            0xbe, 0x0a, 0x99, 0x61, 0xa4, 0x88, 0xd9, 0x6a, // |...a...j|
            0x20, 0x1d, 0x78, 0x45, 0x5f, 0x66, 0xcc, 0x8c, // | .xE_f..|
            0xe1, 0xba, 0x4c, 0x51, 0x99, 0x54, 0x27, 0x77, // |..LQ.T'w|
            0xb4, 0x84, 0x61, 0x4e, 0xf9, 0x90, 0x6f, 0x19, // |..aN..o.|
            0x44, 0x93, 0x27, 0x1d, 0x95, 0x82, 0x74, 0x7f, // |D.'...t.|
            0x35, 0xaf, 0x04, 0xe4, 0x58, 0x41, 0x3a, 0x51, // |5...XA:Q|
            0x0b, 0x22, 0x45, 0xaf, 0x44, 0x2a, 0xe9, 0xa3, // |."E.D*..|
            0x71, 0x65, 0x15, 0x22, 0xea, 0x40, 0x10, 0xaf, // |qe.".@..|
            0x5b, 0x27, 0xfc, 0x02, 0x00, 0x23, 0xa3, 0x70, // |['...#.p|
            0xa9, 0x6c, 0xa7, 0xf7, 0x29, 0x5c, 0x75, 0x9b, // |.l..)\u.|
            0x4c, 0x23, 0x14, 0x51, 0x12, 0x62, 0x71, 0xbb, // |L#.Q.bq.|
            0x75, 0x64, 0x65, 0xb3, 0xaa, 0x1e, 0x10, 0x14, // |ude.....|
            0xbf, 0xd0, 0x8b, 0xe0, 0xe4, 0x51, 0x6e, 0xa8, // |.....Qn.|
            0x1a, 0x95, 0x21, 0xa9, 0x9f, 0xf7, 0x2a, 0xac, // |..!...*.|
            0x5c, 0x1c, 0x12, 0xac, 0x9d, 0xac, 0x57, 0x14, // |\.....W.|
            0x27, 0xaa, 0xa7, 0xee, 0xc3, 0x9d, 0x63, 0x48, // |'.....cH|
            0x0e, 0xd7, 0xf8, 0x92, 0x9f, 0x28, 0xb9, 0x82, // |.....(..|
            0x71, 0x99, 0xa1, 0xcb, 0x69, 0x0c, 0x29, 0x7d, // |q...i.)}|
            0x67, 0x73, 0xae, 0x9d, 0xd7, 0xc7, 0x51, 0x7a, // |gs....Qz|
            0x2c, 0x3a, 0x74, 0x89, 0x7d, 0x76, 0x35, 0xb5, // |,:t.}v5.|
            0x97, 0x73, 0x4a, 0xfc, 0x29, 0x9a, 0x1a, 0x06, // |.sJ.)...|
            0x2f, 0xd0, 0x89, 0x32, 0xfc, 0x3b, 0x17, 0xec, // |/..2.;..|
            0x7a, 0xb5, 0x3c, 0x66, 0x0f, 0x43, 0x55, 0x41, // |z.<f.CUA|
            0x49, 0x3f, 0xbf, 0xa1, 0x6f, 0x8a, 0x05, 0x76, // |I?..o..v|
            0xd4, 0x02, 0x33, 0x52, 0x78, 0xc8, 0x08, 0xe9, // |..3Rx...|
            0x49, 0xb8, 0x42, 0x05, 0xed, 0x34, 0x0a, 0xb1, // |I.B..4..|
            0xa8, 0x32, 0x00, 0x6b, 0x00, 0x42, 0x56, 0x8a, // |.2.k.BV.|
            0xe9, 0x04, 0x7a, 0xac, 0xc8, 0x72, 0x7f, 0x40, // |..z..r.@|
            0x4c, 0xd6, 0xa9, 0x34, 0x0b, 0xc3, 0x63, 0x39, // |L..4..c9|
            0x21, 0xbf, 0x04, 0xb0, 0x2b, 0x81, 0xf9, 0x07, // |!...+...|
            0xe6, 0x15, 0x92, 0x89, 0x9b, 0x1e, 0xe6, 0x4b, // |.......K|
            0x5b, 0x0b, 0x33, 0x5f, 0x89, 0x96, 0xa2, 0x74, // |[.3_...t|
            0x41, 0x6b, 0x15, 0xe8, 0x8a, 0x62, 0xf5, 0x1c, // |Ak...b..|
            0x37, 0x38, 0x62, 0x77, 0xd4, 0x57, 0x7b, 0x43, // |78bw.W{C|
            0x42, 0x4f, 0x01, 0x9c, 0xf2, 0xe0, 0x68, 0xb7, // |BO....h.|
            0xf1, 0x66, 0x93, 0xd8, 0x8e, 0x78, 0x80, 0x24, // |.f...x.$|
            0x4c, 0x61, 0x11, 0xbb, 0xf2, 0x79, 0xf7, 0x96, // |La...y..|
            0x02, 0x80, 0xaa, 0xc7, 0xcd, 0xbb, 0x55, 0x03, // |......U.|
            0x22, 0x5e, 0xda, 0xa2, 0x44, 0x7d, 0x82, 0x41, // |"^..D}.A|
            0x86, 0x9b, 0x92, 0x0a, 0xd5, 0x7e, 0xf2, 0x78, // |.....~.x|
            0x84, 0x50, 0x00, 0x2d, 0x0b, 0xab, 0x92, 0x7a, // |.P.-...z|
            0x96, 0x15, 0xcf, 0x5a, 0x34, 0x45, 0x35, 0xa7, // |...Z4E5.|
            0x18, 0x61, 0x2b, 0x88, 0x45, 0xaa, 0xd3, 0xe2, // |.a+.E...|
            0x54, 0xf9, 0xc7, 0xbb, 0xe7, 0x00, 0x86, 0xbd, // |T.......|
            0x8b, 0xbb, 0x6d, 0x3b, 0x0f, 0x8d, 0xfb, 0x4d, // |..m;...M|
            0x5d, 0x8b, 0x50, 0x2e, 0x68, 0x74, 0x5d, 0x03, // |].P.ht].|
            0x16, 0x2a, 0x49, 0x24, 0x54, 0x5b, 0xa9, 0x34, // |.*I$T[.4|
            0x25, 0x17, 0x79, 0xe3, 0xc3, 0x3a, 0x2a, 0x12, // |%.y..:*.|
            0x75, 0x64, 0x16, 0xa4, 0xb7, 0x7e, 0x39, 0x5a, // |ud...~9Z|
            0x4e, 0x3e, 0x53, 0x2b, 0x49, 0x1b, 0x26, 0xdf, // |N>S+I.&.|
            0xfc, 0x29, 0x99, 0xcb, 0xad, 0x29, 0x2c, 0x72, // |.)...),r|
            0x3f, 0xa7, 0xcb, 0x45, 0x4c, 0x14, 0xee, 0x46, // |?..EL..F|
            0x74, 0x64, 0xdb, 0x4b, 0x4b, 0xa4, 0x35, 0x3c, // |td.KK.5<|
            0x91, 0xc4, 0x9b, 0xb0, 0x66, 0xc6, 0x70, 0xb6, // |....f.p.|
            0xf2, 0x07, 0x3b, 0xbf, 0x74, 0x72, 0xb4, 0x24, // |..;.tr.$|
            0x7e, 0x87, 0xd4, 0x0a, 0x37, 0xd9, 0x49, 0x04, // |~...7.I.|
            0x09, 0x36, 0xd1, 0x63, 0x88, 0xe1, 0xe8, 0x08, // |.6.c....|
            0xbf, 0x17, 0xc4, 0xcd, 0xcb, 0x3c, 0xef, 0x88, // |.....<..|
            0x2c, 0xf6, 0xa3, 0x6d, 0x89, 0x39, 0xc9, 0xfe, // |,..m.9..|
            0x97, 0x25, 0xb3, 0x9a, 0x02, 0x40, 0xd4, 0x90, // |.%...@..|
            0x28, 0x6a, 0x79, 0xbd, 0x4b, 0x8e, 0x10, 0x18, // |(jy.K...|
            0xc9, 0xaf, 0xe9, 0xc0, 0x6e, 0xd5, 0xb1, 0xcf, // |....n...|
            0xe8, 0xa4, 0xdc, 0x94, 0x12, 0x82, 0xfb, 0x08, // |........|
            0x42, 0xd4, 0x1a, 0x76, 0xa2, 0x4b, 0x3f, 0xc3, // |B..v.K?.|
            0xb4, 0x0b, 0xa3, 0x0c, 0xec, 0x19, 0x7c, 0x5f, // |......|_|
            0xd5, 0x98, 0x99, 0xf4, 0x1a, 0xca, 0x83, 0xaa, // |........|
            0xbd, 0x26, 0x31, 0x95, 0x77, 0x90, 0x43, 0x7a, // |.&1.w.Cz|
            0x75, 0x15, 0xcb, 0x68, 0xae, 0x24, 0xc5, 0x1b, // |u..h.$..|
            // Cutoff here.
            0x8c, 0x49, 0xbe, 0xfc, 0x61, 0x54, 0xd7, 0x18, // |.I..aT..|
            0x9d, 0x21, 0x10, 0x14, 0xe2, 0x6d, 0x5b, 0x4b, // |.!...m[K|
            0xb0, 0x94, 0xaa, 0x6e, 0xd5, 0x7b, 0xba, 0x6e, // |...n.{.n|
            0xe0, 0x03, 0xac, 0x9a, 0xbb, 0xe1, 0x17, 0x9b, // |........|
            0x18, 0x0c, 0x33, 0xcc, 0x05, 0x91, 0x1c, 0x43, // |..3....C|
            0x37, 0xd2, 0x10, 0xb7, 0xc6, 0xc7, 0x6b, 0xda, // |7.....k.|
            0x87, 0x9c, 0xaf, 0x93, 0x52, 0x2f, 0x4c, 0x6e, // |....R/Ln|
            0x14, 0xdb, 0x49, 0xbc, 0xeb, 0x96, 0xda, 0xb6, // |..I.....|
            0x3b, 0xf8, 0xc0, 0x33, 0xba, 0x15, 0x37, 0x39, // |;..3..79|
            0xe7, 0xae, 0xb6, 0x48, 0x3e, 0xd8, 0x57, 0x67, // |...H>.Wg|
            0x9c, 0xb6, 0x9c, 0xc0, 0x18, 0x0e, 0x74, 0x67, // |......tg|
            0xae, 0x8e, 0xc6, 0x80, 0x7f, 0x81, 0x25, 0xc4, // |......%.|
            0xe9, 0x04, 0xe8, 0xd9, 0x98, 0xb6, 0x99, 0x93, // |........|
            0xa1, 0xa4, 0x5e, 0x57, 0x74, 0x89, 0x30, 0x38, // |..^Wt.08|
            0xa9, 0xbb, 0x99, 0x4a, 0x7e, 0x42, 0x3c, 0xd2, // |...J~B<.|
            0x59, 0xb6, 0x49, 0xb0, 0xc7, 0x11, 0x57, 0x03, // |Y.I...W.|
            0x6d, 0x23, 0x1b, 0x72, 0xe7, 0x24, 0xdb, 0x75, // |m#.r.$.u|
            0x78, 0xd1, 0x38, 0x01, 0x46, 0xb6, 0x8c, 0x1b, // |x.8.F...|
            0x41, 0xb4, 0xbd, 0xc1, 0xa2, 0x00, 0x63, 0xa5, // |A.....c.|
            0x97, 0x30, 0x5d, 0xbe, 0xd1, 0x37, 0x31, 0xf1, // |.0]..71.|
            0xbb, 0xc6, 0xf8, 0x81, 0x35, 0x86, 0x32, 0xa6, // |....5.2.|
            0xc3, 0x35, 0x54, 0x45, 0x50, 0xdf, 0x61, 0x46, // |.5TEP.aF|
            0x5b, 0x83, 0x6b, 0xac, 0x5c, 0x2d, 0xa2, 0xc3, // |[.k.\-..|
            0x2e, 0x71, 0x32, 0x18, 0x41, 0x29, 0x99, 0x66, // |.q2.A).f|
            0x8c, 0x50, 0x28, 0x92, 0x45, 0xae, 0x96, 0x38, // |.P(.E..8|
            0xa4, 0x83, 0x94, 0x4a, 0x2f, 0x0e, 0x62, 0x13, // |...J/.b.|
            0x07, 0x13, 0xc2, 0x0b, 0x84, 0xfd, 0x27, 0xab, // |......'.|
            0x6c, 0xb4, 0x69, 0x0d, 0xd2, 0xdb, 0xfb, 0x8e, // |l.i.....|
            0xa7, 0x09, 0x65, 0x76, 0x7e, 0x09, 0xa4, 0x7a, // |..ev~..z|
            0xe9, 0xfe, 0xec, 0x52, 0x89, 0x7d, 0x07, 0x6f, // |...R.}.o|
            0xff, 0xa0, 0xde, 0x8a, 0x42, 0x2d, 0xc3, 0x75, // |....B-.u|
            0x05, 0x6d, 0x60, 0x76, 0xce, 0xe1, 0x6c, 0xfd, // |.m`v..l.|
            0xae, 0x1f, 0x5e, 0x02, 0x94, 0x39, 0x2a, 0x55, // |..^..9*U|
            0x00, 0x1d, 0x00, 0x20, 0x8d, 0x89, 0x9a, 0x19, // |... ....|
            0x1d, 0x53, 0x52, 0xd5, 0xc1, 0x3e, 0x3a, 0x1d, // |.SR..>:.|
            0x12, 0x15, 0xae, 0x33, 0x2e, 0x54, 0xd1, 0x6f, // |...3.T.o|
            0xd6, 0xb1, 0x73, 0xd9, 0x56, 0x98, 0x6f, 0x8f, // |..s.V.o.|
            0x7e, 0xf5, 0xd9, 0x75, 0x00, 0x0b, 0x00, 0x02, // |~..u....|
            0x01, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, // |........|
            0x00, 0x00, 0x00, 0x9a, 0x9a, 0x00, 0x01, 0x00, // |........|
        ];
        let sni = get_sni(&BUF);
        assert_eq!(sni[0], *"ha.home.kie.rs");
    }
    #[test]
    fn test_too_little_data() {
        let sni = get_sni(&TOO_LITTLE_DATA_END);
        assert_eq!(0, sni.len());
    }
    const TOO_LITTLE_DATA_START: [u8; 1392] = [
        0x16, 0x03, 0x01, 0x06, 0xab, 0x01, 0x00, 0x06, // |........|
        0xa7, 0x03, 0x03, 0x84, 0x53, 0xb2, 0xd7, 0x37, // |....S..7|
        0xcd, 0x27, 0xda, 0xf4, 0x70, 0xd8, 0x78, 0x26, // |.'..p.x&|
        0x34, 0x7f, 0xe3, 0xa7, 0x5d, 0xfe, 0x97, 0x29, // |4...]..)|
        0x89, 0x29, 0xa2, 0xd8, 0x62, 0x05, 0x7b, 0x13, // |.)..b.{.|
        0xcf, 0x4b, 0x13, 0x20, 0x5b, 0x74, 0x4e, 0x23, // |.K. [tN#|
        0x90, 0x08, 0x5a, 0x43, 0xbf, 0xe0, 0x0d, 0xeb, // |..ZC....|
        0x8a, 0xc8, 0x4d, 0x14, 0x1e, 0x35, 0x43, 0x04, // |..M..5C.|
        0x36, 0x32, 0xdc, 0x71, 0xff, 0xcc, 0xb3, 0x5b, // |62.q...[|
        0x63, 0x4b, 0x2b, 0xee, 0x00, 0x20, 0xba, 0xba, // |cK+.. ..|
        0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, // |.......+|
        0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, // |./.,.0..|
        0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, // |........|
        0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, // |.../.5..|
        0x06, 0x3e, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x0a, // |.>zz....|
        0x00, 0x0c, 0x00, 0x0a, 0xda, 0xda, 0x11, 0xec, // |........|
        0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0xff, 0x01, // |........|
        0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, // |........|
        0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, // |........|
        0x68, 0x61, 0x2e, 0x68, 0x6f, 0x6d, 0x65, 0x2e, // |ha.home.|
        0x6b, 0x69, 0x65, 0x2e, 0x72, 0x73, 0xfe, 0x0d, // |kie.rs..|
        0x00, 0xba, 0x00, 0x00, 0x01, 0x00, 0x01, 0x11, // |........|
        0x00, 0x20, 0xf7, 0xf4, 0x20, 0xc8, 0xb7, 0xeb, // |. .. ...|
        0xf1, 0x2d, 0x8b, 0x30, 0x2c, 0xc8, 0x5e, 0xd3, // |.-.0,.^.|
        0xa3, 0x02, 0x38, 0xf2, 0x41, 0xf7, 0x3f, 0x2d, // |..8.A.?-|
        0xb4, 0xf0, 0xd7, 0x3b, 0xe5, 0x19, 0x3f, 0xc3, // |...;..?.|
        0xae, 0x1f, 0x00, 0x90, 0x27, 0x8d, 0x4c, 0xc9, // |....'.L.|
        0xb3, 0xd1, 0x63, 0x20, 0xe4, 0x33, 0x18, 0x56, // |..c .3.V|
        0xd5, 0x9b, 0xd5, 0xf9, 0xf2, 0x94, 0x1d, 0xe4, // |........|
        0xa6, 0x88, 0x47, 0xd2, 0x85, 0x4f, 0xf4, 0x30, // |..G..O.0|
        0x22, 0xff, 0x67, 0x80, 0x60, 0x33, 0x17, 0xa0, // |".g.`3..|
        0x4f, 0xdb, 0x98, 0x53, 0x00, 0xa4, 0xc8, 0x89, // |O..S....|
        0xb8, 0x1b, 0x3f, 0xbd, 0xdf, 0xeb, 0x48, 0x1a, // |..?...H.|
        0xa1, 0x33, 0xd7, 0xc1, 0x8d, 0x76, 0xf2, 0xcf, // |.3...v..|
        0xbe, 0x30, 0x1d, 0xcd, 0x3a, 0xfe, 0xf1, 0xb0, // |.0..:...|
        0x86, 0xbc, 0x28, 0x74, 0x78, 0xa1, 0x9a, 0x60, // |..(tx..`|
        0x14, 0xfe, 0x12, 0x92, 0x4d, 0xb5, 0x9e, 0x85, // |....M...|
        0x79, 0x62, 0x9c, 0x68, 0x73, 0xc6, 0x0e, 0xe5, // |yb.hs...|
        0xad, 0x5b, 0xe2, 0x69, 0x00, 0xc0, 0x26, 0x24, // |.[.i..&$|
        0x88, 0xfa, 0x22, 0x29, 0x36, 0x7b, 0x16, 0x59, // |..")6{.Y|
        0x48, 0xbe, 0xf9, 0x1c, 0x86, 0x55, 0xcb, 0x67, // |H....U.g|
        0xae, 0xb6, 0x7b, 0x69, 0x3e, 0xd0, 0x48, 0x31, // |..{i>.H1|
        0x58, 0x8a, 0xd8, 0xba, 0x06, 0x21, 0xf0, 0xd4, // |X....!..|
        0x4e, 0xef, 0xcf, 0x67, 0xc5, 0x63, 0x97, 0x59, // |N..g.c.Y|
        0x95, 0x12, 0x47, 0x90, 0x00, 0x2d, 0x00, 0x02, // |..G..-..|
        0x01, 0x01, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, // |........|
        0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, // |.http/1.|
        0x31, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, // |1.......|
        0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, // |........|
        0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, // |........|
        0x2b, 0x00, 0x07, 0x06, 0x0a, 0x0a, 0x03, 0x04, // |+.......|
        0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 0x12, // |...#....|
        0x00, 0x00, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, // |........|
        0x02, 0x00, 0x33, 0x04, 0xef, 0x04, 0xed, 0xda, // |..3.....|
        0xda, 0x00, 0x01, 0x00, 0x11, 0xec, 0x04, 0xc0, // |........|
        0xc6, 0x12, 0x85, 0x0b, 0xba, 0x73, 0x9d, 0x00, // |.....s..|
        0x29, 0x08, 0x40, 0x3a, 0xb8, 0xfc, 0x9e, 0x99, // |).@:....|
        0x25, 0xbd, 0x60, 0xb6, 0x8a, 0x56, 0x51, 0xac, // |%.`..VQ.|
        0x38, 0xa3, 0x15, 0x37, 0x21, 0x80, 0x86, 0x02, // |8..7!...|
        0xb2, 0x10, 0x4b, 0x29, 0xeb, 0x37, 0x04, 0x47, // |..K).7.G|
        0x16, 0x12, 0x0e, 0x63, 0x2d, 0x32, 0xf6, 0x2a, // |...c-2.*|
        0x86, 0x09, 0x7b, 0x41, 0x28, 0x8c, 0xcf, 0xfa, // |..{A(...|
        0x08, 0x2e, 0x0c, 0xb2, 0x55, 0xb4, 0xb4, 0xd2, // |....U...|
        0x76, 0x38, 0x47, 0x44, 0x78, 0xf0, 0x01, 0xb6, // |v8GDx...|
        0xee, 0xf0, 0x1f, 0x4b, 0xc5, 0x6b, 0xb3, 0x93, // |...K.k..|
        0x4d, 0xa5, 0x25, 0x29, 0xda, 0x33, 0x1e, 0xc5, // |M.%).3..|
        0x15, 0x98, 0xf5, 0x41, 0x3e, 0xd2, 0xf7, 0x82, // |...A>...|
        0xd7, 0xbb, 0x56, 0xf0, 0x86, 0x29, 0xa3, 0x56, // |..V..).V|
        0x25, 0xdc, 0xaa, 0x03, 0xaa, 0x28, 0xa7, 0x2b, // |%....(.+|
        0xc0, 0x41, 0xca, 0x66, 0x3e, 0xcc, 0x21, 0x40, // |.A.f>.!@|
        0x60, 0x34, 0x5f, 0x9f, 0x69, 0x37, 0xac, 0x30, // |`4_.i7.0|
        0x06, 0x7a, 0xf9, 0x26, 0xfe, 0x3c, 0x13, 0x05, // |.z.&.<..|
        0xf6, 0xbe, 0x5f, 0x0c, 0x9a, 0x43, 0x18, 0xa2, // |.._..C..|
        0xd9, 0xc5, 0xa0, 0x06, 0x0b, 0x0a, 0x21, 0xf1, // |......!.|
        0x6b, 0x12, 0x4a, 0x5d, 0xec, 0xf6, 0x01, 0x30, // |k.J]...0|
        0xb6, 0x3b, 0x34, 0x62, 0xcd, 0x5a, 0x6a, 0x26, // |.;4b.Zj&|
        0x08, 0x98, 0xc9, 0xd0, 0x8a, 0x49, 0x94, 0x07, // |.....I..|
        0x48, 0x45, 0x78, 0x45, 0xae, 0x24, 0x2b, 0x83, // |HExE.$+.|
        0xb6, 0x69, 0x6c, 0x20, 0x33, 0xa9, 0xc4, 0x8e, // |.il 3...|
        0xe7, 0x1a, 0x90, 0x28, 0xc6, 0x3f, 0x16, 0xf2, // |...(.?..|
        0xae, 0x3e, 0x22, 0x17, 0x26, 0x9c, 0x38, 0xf5, // |.>".&.8.|
        0x88, 0x60, 0x79, 0x16, 0x28, 0xce, 0x05, 0x72, // |.`y.(..r|
        0x2f, 0x64, 0x99, 0xdd, 0x8c, 0x5b, 0xa6, 0xe2, // |/d...[..|
        0x65, 0x8a, 0xe2, 0x8d, 0xb6, 0x24, 0x9e, 0x6d, // |e....$.m|
        0x5a, 0x70, 0xfd, 0xea, 0xca, 0xec, 0x77, 0x46, // |Zp....wF|
        0x20, 0xa8, 0x1f, 0x78, 0xf6, 0x34, 0x52, 0x13, // | ..x.4R.|
        0x97, 0xef, 0x60, 0xb9, 0xe5, 0xc6, 0x85, 0xf2, // |..`.....|
        0x84, 0x64, 0xdc, 0x08, 0x07, 0xe2, 0x63, 0xa6, // |.d....c.|
        0x23, 0x64, 0x54, 0xb8, 0x72, 0xac, 0x23, 0xda, // |#dT.r.#.|
        0x8f, 0x73, 0xe4, 0x9b, 0x80, 0x77, 0x66, 0x3f, // |.s...wf?|
        0x69, 0x34, 0xc4, 0xfb, 0x45, 0x3d, 0x1c, 0xa7, // |i4..E=..|
        0x86, 0x98, 0x2e, 0xb4, 0xe0, 0x84, 0xb6, 0x47, // |.......G|
        0x78, 0xeb, 0x2b, 0x10, 0x17, 0x45, 0x8a, 0xcf, // |x.+..E..|
        0xea, 0xb5, 0x58, 0x42, 0x93, 0xbe, 0x4b, 0xad, // |..XB..K.|
        0xfb, 0x28, 0x11, 0x12, 0xe0, 0x7c, 0x3d, 0x34, // |.(...|=4|
        0x8c, 0x82, 0x07, 0x84, 0xda, 0x8b, 0x35, 0x86, // |......5.|
        0x37, 0x35, 0x1d, 0x1a, 0xa2, 0xbf, 0x0a, 0xb4, // |75......|
        0x8e, 0xf0, 0x91, 0xc4, 0xa8, 0x3f, 0x38, 0x03, // |.....?8.|
        0x37, 0xc1, 0x9a, 0x94, 0x43, 0x09, 0x57, 0xee, // |7...C.W.|
        0xaa, 0xcb, 0x3d, 0x13, 0xa2, 0x33, 0xd1, 0x04, // |..=..3..|
        0x2c, 0x6c, 0xb4, 0x1c, 0x86, 0x07, 0x0c, 0x3c, // |,l.....<|
        0x5c, 0xc9, 0x8c, 0xc8, 0x1a, 0x85, 0xa6, 0xdd, // |\.......|
        0xd3, 0xc5, 0xae, 0x84, 0x4d, 0xfe, 0xa2, 0x99, // |....M...|
        0xd3, 0x0b, 0x1f, 0x43, 0x01, 0xa6, 0x7b, 0xb2, // |...C..{.|
        0x5b, 0xd5, 0xa0, 0x3e, 0xd4, 0x6c, 0x65, 0x75, // |[..>.leu|
        0x55, 0x28, 0x4d, 0x1c, 0x28, 0x86, 0xda, 0x94, // |U(M.(...|
        0xbe, 0x0a, 0x99, 0x61, 0xa4, 0x88, 0xd9, 0x6a, // |...a...j|
        0x20, 0x1d, 0x78, 0x45, 0x5f, 0x66, 0xcc, 0x8c, // | .xE_f..|
        0xe1, 0xba, 0x4c, 0x51, 0x99, 0x54, 0x27, 0x77, // |..LQ.T'w|
        0xb4, 0x84, 0x61, 0x4e, 0xf9, 0x90, 0x6f, 0x19, // |..aN..o.|
        0x44, 0x93, 0x27, 0x1d, 0x95, 0x82, 0x74, 0x7f, // |D.'...t.|
        0x35, 0xaf, 0x04, 0xe4, 0x58, 0x41, 0x3a, 0x51, // |5...XA:Q|
        0x0b, 0x22, 0x45, 0xaf, 0x44, 0x2a, 0xe9, 0xa3, // |."E.D*..|
        0x71, 0x65, 0x15, 0x22, 0xea, 0x40, 0x10, 0xaf, // |qe.".@..|
        0x5b, 0x27, 0xfc, 0x02, 0x00, 0x23, 0xa3, 0x70, // |['...#.p|
        0xa9, 0x6c, 0xa7, 0xf7, 0x29, 0x5c, 0x75, 0x9b, // |.l..)\u.|
        0x4c, 0x23, 0x14, 0x51, 0x12, 0x62, 0x71, 0xbb, // |L#.Q.bq.|
        0x75, 0x64, 0x65, 0xb3, 0xaa, 0x1e, 0x10, 0x14, // |ude.....|
        0xbf, 0xd0, 0x8b, 0xe0, 0xe4, 0x51, 0x6e, 0xa8, // |.....Qn.|
        0x1a, 0x95, 0x21, 0xa9, 0x9f, 0xf7, 0x2a, 0xac, // |..!...*.|
        0x5c, 0x1c, 0x12, 0xac, 0x9d, 0xac, 0x57, 0x14, // |\.....W.|
        0x27, 0xaa, 0xa7, 0xee, 0xc3, 0x9d, 0x63, 0x48, // |'.....cH|
        0x0e, 0xd7, 0xf8, 0x92, 0x9f, 0x28, 0xb9, 0x82, // |.....(..|
        0x71, 0x99, 0xa1, 0xcb, 0x69, 0x0c, 0x29, 0x7d, // |q...i.)}|
        0x67, 0x73, 0xae, 0x9d, 0xd7, 0xc7, 0x51, 0x7a, // |gs....Qz|
        0x2c, 0x3a, 0x74, 0x89, 0x7d, 0x76, 0x35, 0xb5, // |,:t.}v5.|
        0x97, 0x73, 0x4a, 0xfc, 0x29, 0x9a, 0x1a, 0x06, // |.sJ.)...|
        0x2f, 0xd0, 0x89, 0x32, 0xfc, 0x3b, 0x17, 0xec, // |/..2.;..|
        0x7a, 0xb5, 0x3c, 0x66, 0x0f, 0x43, 0x55, 0x41, // |z.<f.CUA|
        0x49, 0x3f, 0xbf, 0xa1, 0x6f, 0x8a, 0x05, 0x76, // |I?..o..v|
        0xd4, 0x02, 0x33, 0x52, 0x78, 0xc8, 0x08, 0xe9, // |..3Rx...|
        0x49, 0xb8, 0x42, 0x05, 0xed, 0x34, 0x0a, 0xb1, // |I.B..4..|
        0xa8, 0x32, 0x00, 0x6b, 0x00, 0x42, 0x56, 0x8a, // |.2.k.BV.|
        0xe9, 0x04, 0x7a, 0xac, 0xc8, 0x72, 0x7f, 0x40, // |..z..r.@|
        0x4c, 0xd6, 0xa9, 0x34, 0x0b, 0xc3, 0x63, 0x39, // |L..4..c9|
        0x21, 0xbf, 0x04, 0xb0, 0x2b, 0x81, 0xf9, 0x07, // |!...+...|
        0xe6, 0x15, 0x92, 0x89, 0x9b, 0x1e, 0xe6, 0x4b, // |.......K|
        0x5b, 0x0b, 0x33, 0x5f, 0x89, 0x96, 0xa2, 0x74, // |[.3_...t|
        0x41, 0x6b, 0x15, 0xe8, 0x8a, 0x62, 0xf5, 0x1c, // |Ak...b..|
        0x37, 0x38, 0x62, 0x77, 0xd4, 0x57, 0x7b, 0x43, // |78bw.W{C|
        0x42, 0x4f, 0x01, 0x9c, 0xf2, 0xe0, 0x68, 0xb7, // |BO....h.|
        0xf1, 0x66, 0x93, 0xd8, 0x8e, 0x78, 0x80, 0x24, // |.f...x.$|
        0x4c, 0x61, 0x11, 0xbb, 0xf2, 0x79, 0xf7, 0x96, // |La...y..|
        0x02, 0x80, 0xaa, 0xc7, 0xcd, 0xbb, 0x55, 0x03, // |......U.|
        0x22, 0x5e, 0xda, 0xa2, 0x44, 0x7d, 0x82, 0x41, // |"^..D}.A|
        0x86, 0x9b, 0x92, 0x0a, 0xd5, 0x7e, 0xf2, 0x78, // |.....~.x|
        0x84, 0x50, 0x00, 0x2d, 0x0b, 0xab, 0x92, 0x7a, // |.P.-...z|
        0x96, 0x15, 0xcf, 0x5a, 0x34, 0x45, 0x35, 0xa7, // |...Z4E5.|
        0x18, 0x61, 0x2b, 0x88, 0x45, 0xaa, 0xd3, 0xe2, // |.a+.E...|
        0x54, 0xf9, 0xc7, 0xbb, 0xe7, 0x00, 0x86, 0xbd, // |T.......|
        0x8b, 0xbb, 0x6d, 0x3b, 0x0f, 0x8d, 0xfb, 0x4d, // |..m;...M|
        0x5d, 0x8b, 0x50, 0x2e, 0x68, 0x74, 0x5d, 0x03, // |].P.ht].|
        0x16, 0x2a, 0x49, 0x24, 0x54, 0x5b, 0xa9, 0x34, // |.*I$T[.4|
        0x25, 0x17, 0x79, 0xe3, 0xc3, 0x3a, 0x2a, 0x12, // |%.y..:*.|
        0x75, 0x64, 0x16, 0xa4, 0xb7, 0x7e, 0x39, 0x5a, // |ud...~9Z|
        0x4e, 0x3e, 0x53, 0x2b, 0x49, 0x1b, 0x26, 0xdf, // |N>S+I.&.|
        0xfc, 0x29, 0x99, 0xcb, 0xad, 0x29, 0x2c, 0x72, // |.)...),r|
        0x3f, 0xa7, 0xcb, 0x45, 0x4c, 0x14, 0xee, 0x46, // |?..EL..F|
        0x74, 0x64, 0xdb, 0x4b, 0x4b, 0xa4, 0x35, 0x3c, // |td.KK.5<|
        0x91, 0xc4, 0x9b, 0xb0, 0x66, 0xc6, 0x70, 0xb6, // |....f.p.|
        0xf2, 0x07, 0x3b, 0xbf, 0x74, 0x72, 0xb4, 0x24, // |..;.tr.$|
        0x7e, 0x87, 0xd4, 0x0a, 0x37, 0xd9, 0x49, 0x04, // |~...7.I.|
        0x09, 0x36, 0xd1, 0x63, 0x88, 0xe1, 0xe8, 0x08, // |.6.c....|
        0xbf, 0x17, 0xc4, 0xcd, 0xcb, 0x3c, 0xef, 0x88, // |.....<..|
        0x2c, 0xf6, 0xa3, 0x6d, 0x89, 0x39, 0xc9, 0xfe, // |,..m.9..|
        0x97, 0x25, 0xb3, 0x9a, 0x02, 0x40, 0xd4, 0x90, // |.%...@..|
        0x28, 0x6a, 0x79, 0xbd, 0x4b, 0x8e, 0x10, 0x18, // |(jy.K...|
        0xc9, 0xaf, 0xe9, 0xc0, 0x6e, 0xd5, 0xb1, 0xcf, // |....n...|
        0xe8, 0xa4, 0xdc, 0x94, 0x12, 0x82, 0xfb, 0x08, // |........|
        0x42, 0xd4, 0x1a, 0x76, 0xa2, 0x4b, 0x3f, 0xc3, // |B..v.K?.|
        0xb4, 0x0b, 0xa3, 0x0c, 0xec, 0x19, 0x7c, 0x5f, // |......|_|
        0xd5, 0x98, 0x99, 0xf4, 0x1a, 0xca, 0x83, 0xaa, // |........|
        0xbd, 0x26, 0x31, 0x95, 0x77, 0x90, 0x43, 0x7a, // |.&1.w.Cz|
        0x75, 0x15, 0xcb, 0x68, 0xae, 0x24, 0xc5, 0x1b, // |u..h.$..|
    ];
    const TOO_LITTLE_DATA_END: [u8; 312] = [
        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, // |........|
        0x00, 0x01, 0x00, 0x06, 0x14, 0x49, 0xbc, 0x07, // |.....I..|
        0xd1, 0x60, 0x00, 0x00, 0x45, 0x00, 0x01, 0x24, // |.`..E..$|
        0x46, 0x04, 0x40, 0x00, 0x7f, 0x06, 0x11, 0x27, // |F.@....'|
        0x4d, 0xaf, 0x56, 0xec, 0xc0, 0xa8, 0x3e, 0x65, // |M.V...>e|
        0xbf, 0x7f, 0x01, 0xbb, 0xaf, 0x09, 0x43, 0xb4, // |......C.|
        0xde, 0x93, 0xcc, 0x66, 0x50, 0x18, 0x02, 0x01, // |...fP...|
        0xd3, 0x21, 0x00, 0x00, 0xba, 0x15, 0x37, 0x39, // |.!....79|
        0xe7, 0xae, 0xb6, 0x48, 0x3e, 0xd8, 0x57, 0x67, // |...H>.Wg|
        0x9c, 0xb6, 0x9c, 0xc0, 0x18, 0x0e, 0x74, 0x67, // |......tg|
        0xae, 0x8e, 0xc6, 0x80, 0x7f, 0x81, 0x25, 0xc4, // |......%.|
        0xe9, 0x04, 0xe8, 0xd9, 0x98, 0xb6, 0x99, 0x93, // |........|
        0xa1, 0xa4, 0x5e, 0x57, 0x74, 0x89, 0x30, 0x38, // |..^Wt.08|
        0xa9, 0xbb, 0x99, 0x4a, 0x7e, 0x42, 0x3c, 0xd2, // |...J~B<.|
        0x59, 0xb6, 0x49, 0xb0, 0xc7, 0x11, 0x57, 0x03, // |Y.I...W.|
        0x6d, 0x23, 0x1b, 0x72, 0xe7, 0x24, 0xdb, 0x75, // |m#.r.$.u|
        0x78, 0xd1, 0x38, 0x01, 0x46, 0xb6, 0x8c, 0x1b, // |x.8.F...|
        0x41, 0xb4, 0xbd, 0xc1, 0xa2, 0x00, 0x63, 0xa5, // |A.....c.|
        0x97, 0x30, 0x5d, 0xbe, 0xd1, 0x37, 0x31, 0xf1, // |.0]..71.|
        0xbb, 0xc6, 0xf8, 0x81, 0x35, 0x86, 0x32, 0xa6, // |....5.2.|
        0xc3, 0x35, 0x54, 0x45, 0x50, 0xdf, 0x61, 0x46, // |.5TEP.aF|
        0x5b, 0x83, 0x6b, 0xac, 0x5c, 0x2d, 0xa2, 0xc3, // |[.k.\-..|
        0x2e, 0x71, 0x32, 0x18, 0x41, 0x29, 0x99, 0x66, // |.q2.A).f|
        0x8c, 0x50, 0x28, 0x92, 0x45, 0xae, 0x96, 0x38, // |.P(.E..8|
        0xa4, 0x83, 0x94, 0x4a, 0x2f, 0x0e, 0x62, 0x13, // |...J/.b.|
        0x07, 0x13, 0xc2, 0x0b, 0x84, 0xfd, 0x27, 0xab, // |......'.|
        0x6c, 0xb4, 0x69, 0x0d, 0xd2, 0xdb, 0xfb, 0x8e, // |l.i.....|
        0xa7, 0x09, 0x65, 0x76, 0x7e, 0x09, 0xa4, 0x7a, // |..ev~..z|
        0xe9, 0xfe, 0xec, 0x52, 0x89, 0x7d, 0x07, 0x6f, // |...R.}.o|
        0xff, 0xa0, 0xde, 0x8a, 0x42, 0x2d, 0xc3, 0x75, // |....B-.u|
        0x05, 0x6d, 0x60, 0x76, 0xce, 0xe1, 0x6c, 0xfd, // |.m`v..l.|
        0xae, 0x1f, 0x5e, 0x02, 0x94, 0x39, 0x2a, 0x55, // |..^..9*U|
        0x00, 0x1d, 0x00, 0x20, 0x8d, 0x89, 0x9a, 0x19, // |... ....|
        0x1d, 0x53, 0x52, 0xd5, 0xc1, 0x3e, 0x3a, 0x1d, // |.SR..>:.|
        0x12, 0x15, 0xae, 0x33, 0x2e, 0x54, 0xd1, 0x6f, // |...3.T.o|
        0xd6, 0xb1, 0x73, 0xd9, 0x56, 0x98, 0x6f, 0x8f, // |..s.V.o.|
        0x7e, 0xf5, 0xd9, 0x75, 0x00, 0x0b, 0x00, 0x02, // |~..u....|
        0x01, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, // |........|
        0x00, 0x00, 0x00, 0x9a, 0x9a, 0x00, 0x01, 0x00, // |........|
    ];
 }
--- a/src/servers/upstream_address.rs
+++ b/src/servers/upstream_address.rs
@@ -4,7 +4,8 @@ use std::io::Result;
 use std::net::SocketAddr;
 use std::sync::Arc;
 use std::sync::RwLock;
-use time::{Duration, Instant, OffsetDateTime};
+use std::time::Instant;
 use time::{Duration, OffsetDateTime};
 #[derive(Debug, Clone, Default)]
 pub(crate) struct UpstreamAddress {
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -0,0 +1,37 @@
 use anyhow::{anyhow, Result};
 use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
 use rustls::ServerConfig;
 use rustls_pemfile::{certs, pkcs8_private_keys};
 use std::fs::File;
 use std::io::BufReader;
 use std::sync::Arc;
 pub fn load_certs(path: &str) -> Result<Vec<CertificateDer>> {
    let mut reader = BufReader::new(File::open(path)?);
    certs(&mut reader)
        .collect::<Result<Vec<CertificateDer>, std::io::Error>>()
        .map_err(|e| anyhow!("failed to load certificates from {}: {}", path, e))
 }
 pub fn load_private_key(path: &str) -> Result<PrivateKeyDer> {
    let mut reader = BufReader::new(File::open(path)?);
    let mut keys = pkcs8_private_keys(&mut reader)
        .collect::<Result<Vec<PrivatePkcs8KeyDer>, std::io::Error>>()
        .map_err(|e| anyhow!("failed to load private keys from {}: {}", path, e))?;
    keys.pop()
        .map(|k| PrivateKeyDer::Pkcs8(k.to_vec().into()))
        .ok_or_else(|| anyhow!("no private keys found for {}", path))
 }
 pub fn build_tls_acceptor(
    config: &crate::config::config_v1::TlsTerminationConfig,
 ) -> Result<tokio_rustls::TlsAcceptor> {
    let certs = load_certs(&config.default_certificate.certificate_path)?;
    let key = load_private_key(&config.default_certificate.private_key_path)?;
    let tls_config = ServerConfig::builder()
        .with_no_client_auth()
        .with_single_cert(certs, key)?;
    Ok(tokio_rustls::TlsAcceptor::from(Arc::new(tls_config)))
 }
--- a/src/update.rs
+++ b/src/update.rs
@@ -1,4 +1,4 @@
-use self_update::{cargo_crate_version, version};
+use self_update::cargo_crate_version;
 pub(crate) fn update() {
    println!("Updating to the latest version...");
Author	SHA1	Message	Date
JJKiers Agent	6bc6bb4d62	feat: Implement initial TLS termination and dynamic port handling (with compilation errors)	2026-02-20 21:50:59 +00:00
Jacob Kiers	913e50ff1c	Release version 0.1.11 All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-05-01 22:04:59 +02:00
Jacob Kiers	aecffa0d14	Wait for the entire TLS header to become available, even if it takes multiple packets. Closes: #10	2025-05-01 22:01:54 +02:00
Jacob Kiers	4c2711fc81	Release version 0.1.10 All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details Signed-off-by: Jacob Kiers <code@kiers.eu>	2025-01-09 21:13:07 +01:00
Jacob Kiers	1a9ca771ac	Update based on lints All checks were successful continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details Signed-off-by: Jacob Kiers <code@kiers.eu>	2025-01-09 20:56:51 +01:00
Jacob Kiers	b7ec67ed07	Fix SNI header parsing When a listener is configured to deal with TLS upstreams, we use the SNI field of the TLS ClientHello message to decide where to send the traffic. Therefore, a buffer of 1024 bytes was used to temporarily store this message. However, a TLS ClientHello message can be larger than that, up to 16K bytes. So now the first few bytes are read and manually parsed to find out how long the message is. And then the entire ClientHello message is retrieved. So hopefully that will fix the issue causing the ClientHello determination to fail. Closes #10 Signed-off-by: Jacob Kiers <code@kiers.eu>	2025-01-09 20:56:51 +01:00
Jacob Kiers	aff46b6bfb	Update dependencies to latest version This also fixes a build failure which would otherwise happen due to the time crate. Signed-off-by: Jacob Kiers <code@kiers.eu>	2025-01-09 20:21:34 +01:00
Jacob Kiers	922ea1f030	Add help to main command Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-12-24 17:22:58 +01:00